help-guix
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: LUKS-encrypted root and unencrypted /boot ?


From: Benjamin Slade
Subject: Re: LUKS-encrypted root and unencrypted /boot ?
Date: Sat, 04 Aug 2018 15:14:15 -0600
User-agent: mu4e 1.0; emacs 26.1

 > > Thanks, I'll look into that. For the moment I've just switched to
 > > having an unencrypted root and encrypted /home partition (where the
 > > swapfile also lives),

 > > ...which seems to me better from a security standpoint (I can
 > > use --iter 500, sha512, &c. without an issue).

 > But it's easier put a malware in an unencrypted root ;)

That's true, but if someone has the time/access to be putting malware in
the unencrypted root of an GuixSD install (will they know to put things
in /gnu/store ?) they could also install physical keyloggers and so on
(perhaps more efficiently). So while I'd prefer to have the whole thing
encrypted, realistically I'm mainly protecting my personal data if it's
stolen/taken from me (as long it's off, that is).

--
Benjamin Slade - https://babbagefiles.xyz
  `(pgp_fp: ,(21BA 2AE1 28F6 DF36 110A 0E9C A320 BBE8 2B52 EE19))
    '(sent by mu4e on Emacs running under GNU/Linux . https://gnu.org )
       `(Choose Linux ,(Choose Freedom) . https://linux.com )



reply via email to

[Prev in Thread] Current Thread [Next in Thread]